Hackers reportedly used an altered version of Apple’s development tool Xcode to inject malware into applications, Engadget reported. Alibaba researchers named the malware “XcodeGhost,” since it launches when developers download the altered versions of Xcode.

According to security researcher Palo Alto Networks, XcodeGhost has successfully been able to infect multiple iOS apps created by infected developers. These apps were able to be submitted to the App Store, pass Apple’s code review and were then made available for public download.

“We believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem,” Palo Alto Networks security researcher Claud Xiao said.

Researchers confirmed XcodeGhost has the ability to transmit information about a user’s mobile devices, including the phone’s name, language, country, network type and UUID.

“We have evidence that this was used to ‘phish’ iCloud credentials from users of infected apps. The response can also contain a URL, which the app will then open. We don’t know how this is being used, but it could be used to send other apps on the phone to potentially malicious resources,” Ryan Olson, intelligence director of the Unit 42 research unit at Palo Alto Networks, told Forbes.

The list of compromised iOS applications includes mobile messenger WeChat, Uber’s Chinese rival Didi Kuaidi and music streaming service NetEase, The Wall Street Journal reported over the weekend.

Palo Alto Networks said it has made Apple aware of the vulnerability, but the company has not yet provided any public comment.

The latest update to Apple’s operating system, iOS 9, was released with some sense of urgency this year, as without it iOS enthusiasts are apt to be tapped by what many are calling a “nasty bug” that is easily and quietly exploitable via Apple AirDrop, iOS and Mac OS’s file-sharing system.

The goods new here is that an upgrade to iOS 9 significantly mitigates the problem. The bad news (despite all the headlines to the contrary) is that the iOS 9 upgrade does not fix the problem — it only makes it a little less severe.